{"id":35594,"date":"2022-04-15T17:00:27","date_gmt":"2022-04-15T21:00:27","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=35594"},"modified":"2022-04-19T15:49:32","modified_gmt":"2022-04-19T19:49:32","slug":"mac-app-store-ransomware","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2022\/04\/15\/mac-app-store-ransomware\/","title":{"rendered":"Mac App Store Ransomware"},"content":{"rendered":"<p><a href=\"https:\/\/twitter.com\/keleftheriou\/status\/1514732739974471680\">Kosta Eleftheriou<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/keleftheriou\/status\/1514732739974471680\">\n<p>I didn&rsquo;t think this was possible:<\/p>\n<p>This App Store app [My Metronome - Tempo Keeper] immediately asks you for money and then <em>disables<\/em> the &ldquo;Quit&rdquo; option so that you can never close it!<\/p>\n<p>And it&rsquo;s been like that on the App Store for years!<\/p>\n<img decoding=\"async\" src=\"https:\/\/pbs.twimg.com\/media\/FQVpDEwVgAAH_5_?format=jpg&amp;name=small\" alt=\"Mac App Store review\" \/>\n<p>The developer has grossed almost a million dollars on the App Store.<\/p>\n<\/blockquote>\n\n<p><a href=\"https:\/\/www.imore.com\/mac-app-store-developers-abusing-bait-and-switch-app-purchases\">Stephen Warwick<\/a>:<\/p>\n<blockquote cite=\"https:\/\/www.imore.com\/mac-app-store-developers-abusing-bait-and-switch-app-purchases\"><p>Users say the app forces users to pay by locking a user&rsquo;s computer, with some unable to close ads or the program itself until they had paid for the service, almost akin to ransomware.<\/p><\/blockquote>\n\n<p><a href=\"https:\/\/twitter.com\/lapcatsoftware\/status\/1513970950554984453\">Jeff Johnson<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/lapcatsoftware\/status\/1513970950554984453\"><p>This developer &ldquo;Music Paradise, LLC&rdquo; appears to be the exact same developer as &ldquo;Groove Vibes&rdquo;. Registered at the  same street address in Novosibirsk, Russia!<\/p><p>Also, both apps lock up your Mac and can&rsquo;t be quit, which is what led me to investigate.<\/p><\/blockquote>\n\n<p>But they are catching some good developers. <a href=\"https:\/\/twitter.com\/jeiting\/status\/1514331013631164429\">Jacob Eiting<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/jeiting\/status\/1514331013631164429\"><p>One of our employees apps just got banned from the App Store for &ldquo;trying to deceive users&rdquo; because we used it to test price change behavior: they created a new SKU, subscribed to it, then raised the price from $4\/wk to $9\/wk to get screenshots of the flow.<\/p><p>This must have flagged something in the App Store looking for fraudulent price increases (even though it was opt-in) and they got a notice that the app will be removed in 14 days.<\/p><p>They told Apple it was just a test, and that wasn&rsquo;t a good enough reason for them.<\/p><p>It was ONE PURCHASE. That&rsquo;s obviously not fraud.<\/p><\/blockquote>\n\n<p>Meanwhile, Disney gets a special flow for increasing the subscription price without the customer opting in.<\/p>\n\n<p>Previously:<\/p>\n<ul>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2022\/04\/13\/iap-bait-and-switch-apps\/\">IAP Bait-And-Switch Apps<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2022\/04\/12\/tim-cook-attacks-sideloading-in-privacy-keynote\/\">Tim Cook Attacks Sideloading in Privacy Keynote<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2022\/03\/28\/special-app-store-behavior-for-disney-subscriptions\/\">Special App Store Behavior for Disney+ Subscriptions<\/a><\/li>\n<\/ul>\n\n<p>Update (2022-04-16): See also: <a href=\"https:\/\/news.ycombinator.com\/item?id=31046415\">Hacker News<\/a>.<\/p>\n\n<p id=\"mac-app-store-ransomware-update-2022-04-19\">Update (2022-04-19): <a href=\"https:\/\/www.theverge.com\/2022\/4\/15\/23027363\/apple-scammy-apps-mac-app-store-moderation\">Mitchell Clark<\/a>:<\/p>\n<blockquote cite=\"https:\/\/www.theverge.com\/2022\/4\/15\/23027363\/apple-scammy-apps-mac-app-store-moderation\">\n<p>Eleftheriou told The Verge that it &ldquo;seems like this developer has experimented with various techniques over the years of preventing people from closing the paywall,&rdquo; pointing us to several other apps that are still on the store with similar behavior &mdash; we&rsquo;ll get to those in a moment.<\/p>\n<p>[&#8230;]<\/p>\n<p>Apple didn&rsquo;t respond to The Verge&rsquo;s request for comment about whether it was the one to take the app down, or how it passed App Review in the first place.<\/p>\n<\/blockquote>","protected":false},"excerpt":{"rendered":"<p>Kosta Eleftheriou: I didn&rsquo;t think this was possible: This App Store app [My Metronome - Tempo Keeper] immediately asks you for money and then disables the &ldquo;Quit&rdquo; option so that you can never close it! And it&rsquo;s been like that on the App Store for years! The developer has grossed almost a million dollars on [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2022-04-15T21:00:29Z","apple_news_api_id":"3b3c58fc-1d21-4409-89e3-cbd14d9165ce","apple_news_api_modified_at":"2022-04-19T19:49:36Z","apple_news_api_revision":"AAAAAAAAAAAAAAAAAAAAAw==","apple_news_api_share_url":"https:\/\/apple.news\/AOzxY_B0hRAmJ48vRTZFlzg","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[2036,1421,522,30,32,39,2077,504],"class_list":["post-35594","post","type-post","status-publish","format-standard","hentry","category-technology","tag-app-store-scams","tag-app-subscriptions","tag-inapppurchase","tag-mac","tag-macapp","tag-macappstore","tag-macos-12","tag-malware"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/35594","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=35594"}],"version-history":[{"count":5,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/35594\/revisions"}],"predecessor-version":[{"id":35628,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/35594\/revisions\/35628"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=35594"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=35594"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=35594"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}